Everything you need to know about ISO 13485
Have you spent countless stressful hours preparing for ISO 13485 certification?
You’re not alone.
ISO 13485 is the internationally recognized quality management benchmark for medical device manufacturers. Certification guarantees the trust of your regulators, stakeholders and future customers while quickening your route to market.
There’s no denying that it’s a complex process which needs to be done right.
But with some expert guidance and the right toolset, there’s absolutely no reason your company can’t unlock and embed lasting ISO 13485 compliance.
This guide contains everything your team needs to kickstart and complete a successful ISO 13485 accreditation journey and to get your medical device to market before your competitors. Let’s dive in.
What does ISO 13485 mean?
ISO 13485 is an internationally agreed upon set of standard quality management system (QMS) requirements for any company involved in the design, production, installation, servicing and manufacturing of medical devices.
ISO 13485 was first published in 1996 and has since been revised in 2003 and 2016.
The current version, ISO 13485:2016, came into effect in March 2016. The aim of these requirements is to ensure that medical devices and services consistently meet customer expectations and relevant regulatory requirements.
Why is ISO 13485 certification important?
The International Organization for Standardization (or ISO) is an international non-governmental organization of industry leaders who share their knowledge and expertise to provide solutions for global challenges.
ISO 13485 effectively covers ISO 9001 with a few additional requirements. Consumers and the life science supply chain have come to trust ISO, and they’ll often refuse to purchase medical device products from companies that lack ISO 13485 certification.
To obtain CE marking—which indicates conformity with safety standards for products sold in the European Economic Area—medical device manufacturers must either obtain certification with a notified body or have a quality system in place.
5 key elements of ISO 13485
ISO 13485 includes requirements for design and development, risk management, production and post-production processes for medical device companies. Below are five key requirements from ISO 13485 that are critical for companies seeking certification.
1. Quality management system (QMS)
To be certified to ISO 13485, a company must implement and maintain a quality management system that meets the requirements set out in the standard. This section talks about general quality management system requirements, as well as the documentation needed to implement and maintain an effective quality management system.
According to ISO, organizations need to:
- Determine the processes the quality management system requires and what's needed to apply these processes throughout the organization, taking into account the various roles involved,
- Apply a risk-based approach to the control of the appropriate processes needed for the quality management system, and
- Determine the sequence and interaction of these processes
2. Management responsibility
This section outlines the unique roles and responsibilities of management as it pertains to quality management system implementation and maintenance.
In short, management should provide evidence of its commitment to the development and maintenance of the quality management system and its effectiveness. To do that:
- Communicate the importance of meeting regulatory requirements
- Establish high-value quality policy
- Ensure that quality objectives are established
- Conduct management reviews
- Ensure availability of quality management system resources
3. Resource management
This phase outlines the resources life sciences organizations should commit to implement the quality management system and maintain system effectiveness. It outlines the provisions needed to meet major regulatory and customer requirements.
Resources outlined in this section include:
- The provision of resources
- Human resources
- Work environment
- Contamination control
4. Product realization
In a rush to get products into development as soon as possible, many organizations often overlook the planning phase. Section 7.1 requires that you appropriately plan your realization efforts.
More specifically, it states that you should:
- Establish the quality requirements for your product(s)
- Define what your required processes will be and what supporting documentation will be needed for those processes
- Outline the company infrastructure that will need to be created and what the work environment should be like
- Define employee qualification and training requirements
- Establish your processes for verification, validation, measurement, monitoring, handling, inspection, storage, distribution, and traceability
Finally, you have to organize all of that information in such a way that it can be easily accessed and understood.
5. Measurement, analysis, improvement
According to ISO, "the organization shall plan and implement the monitor, measurement, analysis, and improvement processes" related to the quality management system and products.
In this pursuit, organizations need to:
- Demonstrate conformity of product
- Ensure conformity of the quality management system
- Maintain the effectiveness of the quality management system
ISO 13485 clauses
ISO 13485 contains 8 clauses as part of its requirements.
- Normative References
- Terms and Definitions
- General requirements
- Management responsibility
- Resource management
- Product realization
- Measurement, analysis and improvement
Let's briefly review each clause:
The scope sets out the intended outcomes of the modern medical device quality management system, including the significance of the process approach and continuous improvement.
2. Normative References
Provides details of the reference standards or publications relevant to the particular standard, including ISO 9001:2015.
3. Terms & Definitions
Details terms and definitions applicable to the standard, including definitions of Active Implantable Medical Device, Active Medical Device, Advisory Notice, Customer Complaint, Implantable Medical Device, Labeling, Medical Device and Sterile Medical Device
4. General requirements
Lays out the broad requirements for a properly documented ISO 13485 QMS, including:
- Quality manual with clear QMS scope
- Documentation control procedures
- Required forms, records and SOPs
5. Management responsibility
Concerns the role of ‘top management’: the group of people who direct and control your organization at the highest level. Customer and patient satisfaction and safety should be overseen and maintained by top management with:
- Clear responsibilities
- Frequent management reviews
- A clear quality policy with objectives
6. Resource management
Requirements for how resources are managed and applied to meet your quality objectives, including personnel, equipment and training.
7. Product realization
Maps out requirements for the end-to-end medical device product realization process, including:
- Production and manufacture
- Capturing and actioning feedback
8. Measurement, analysis and improvement
Breaks down how to monitor and analyze your processes with a view to continuous refinement and improvement. Core considerations include:
- Non-conformance control
- Measuring and maximizing customer satisfaction and patient/product safety
ISO 13485 vs. ISO 9001
ISO 9001 lays the framework for a quality management system that can be applied no matter what industry you’re in or what your product, service, or company size is. If your company intends to manufacture medical devices, you’ll need to seek ISO 13485 certification.
ISO 13485 has additional requirements not found in ISO 9001 that are specific to medical device manufacturers. Let’s take a look at the similarities and differences between ISO 9001 and ISO 13485, so you can get a better understanding of where you need to raise the bar on quality as a medical device manufacturer.
Similarities between ISO 13485 and ISO 9001
- Each standard helps organizations achieve a quality management system
- Both place a focus on risk mitigation and assessment
- Both utilize the Deming cycle, also known as Plan Do Check Act
- They each place a focus on competency and infrastructure for quality
- Both emphasize understanding the customer for the realization of quality products
Additional requirements for ISO 13485
- Device master record explicitly defining QMS requirements
- Feedback and review system for non-conformance detection 18
- Product quality control (monitoring and measuring) throughout production process
- Set quality requirements must be met before product release and delivery
- Advisory notices, rework activity, release of non-conforming product (which still meets regulatory requirements) must be documented
- Personnel require access to procedures, requirements and reference materials at the point of work
- Unique and specific records for every approved and verified device batch
- Installation and verification device requirements
- Maintained records of device installation, verification and servicing activities and procedures
- QMS containing product specification documents and quality policy, with a framework for reviews and updates controlled by the management team
- Management must verify QMS goals and compliance
- Documented procedures for shelf life, quality data collection/analysis/ retention, maintenance activity, risk/environment management, adverse event flagging, product conformity, identification, returns, maintenance, labeling and packaging
9 tips to prepare for ISO 13485 certification
Now that we understand the key components and clauses of ISO 13485 and the differences with ISO 9001, it's time to look at preparation for certification. This process doesn't have to be complicated or overwhelming. Follow these nine tips to help you get your certification faster.
Familiarize yourself with the guidelines
Take time to read the guidelines thoroughly and make sure you understand what’s required of you to become certified. You can view a preview and purchase the complete document on ISO 13485 from ISO’s website here.
Meet CAPA standards
Refer to the FDA’s inspection guidelines, ISO 13485 8.5.3 (prevention), and ISO 13485 8.5.2 (correction) to ensure your company meets CAPA standards. Failure to meet CAPA standards is the number one trigger for FDA citations in the medical device industry.
Implement complaint procedures
Establish complaint procedures that follow the guidelines laid out in FDA CFR 820.198 and ISO 13485 8.2.2. A lack of standard procedures for handling complaints or failure to provide evidence that they followed procedures is the second most common reason organizations received a 483 observation.
Include purchasing controls
Create a written procedure for supply chain management to reduce the risk of noncompliance or supplier risks that could compromise your device quality.
Develop MDR procedures
MDR (Medical Device Reporting) should include events and annual reports as detailed under FDA CFR 803.17 and ISO 13485:2016. 9 steps to prepare for ISO 13485 certification 16 Written procedures and systems are critical for compliance with record-keeping guidelines for MDR.
Create a process to prepare for the audit
Review the following areas every three months, so you aren’t putting internal audits off until the last minute:
- Quality assurance
Focus on upstream quality
Manufacturers use the term “Upstream Quality (UQA)” to refer to a concept that relates to quality from the start. Focusing on UQA means putting effort into planning in the early stages to reduce quality issues later down the line.
Prepare to talk to the auditor
Auditors don’t fail or pass you right there on the spot. Interactions are generally low-pressure and more conversational. Avoid giving any information you aren’t sure of and be prepared to have a productive conversation.
Use an eQMS — not a paper-based system!
Electronic quality management systems designed for life sciences companies — like Qualio — are built using the ISO 13485 framework for quality control, operational efficiency, regulatory compliance and the safe manufacture of medical devices.
Unless you want to hire an in-house team of IT staff to run your eQMS, you need software that’s simple and easy to use. The perfect eQMS should provide essential functions such as document control, training, and the ability to expand to other areas — like CAPA — as you get closer to product approval. And as your company grows, your eQMS needs to grow with you.
A robust eQMS should offer essential components for risk management, testing, and other procedures to streamline product submission.
An International Trade Administration study found that 73% of medical device manufacturers have 20 or fewer employees, so utilizing a cloud-based eQMS is critical for effective collaboration among a distributed workforce.
Benefits of ISO 13485:2016 accreditation
While ISO 9001:2015 covers a broad range of businesses and industries, ISO 13485:2016 has a narrower focus on the medical device industry. By adhering to the guidelines set out in ISO 13485:2016, your organization can enjoy several benefits, including:
- Bringing quality and continuous improvement into the heart of your medical device organization
- Improved patient/customer satisfaction – by consistently providing safe medical devices that meet customer requirements
- Enhanced reputation and credibility – by being ISO 13485:2016 accredited, you can demonstrate to customers, suppliers and other stakeholders that your organization is serious about quality
- Greater efficiency – ISO 13485:2016 can help streamline your processes, making your organization more efficient overall
- Reduced costs – ISO 13485:2016 can lead to reduced waste, rework and other inefficiencies, thereby reducing your organization’s overall costs
- Improved risk management – by having a robust quality management system in place, you can more effectively identify and manage risks associated with your medical devices
- A stronger foundation for growth – ISO 13485:2016 can provide a solid foundation for your organization to grow and expand its operations into new markets.
Use eQMS software to get ahead
Implementing a quality management system cannot cure an organization that isn't led by quality-driven management. Successfully shifting to a quality-driven culture requires full support from the leadership team and a commitment to change.
Quality management software offers a diverse range of business benefits. When you implement a robust eQMS like Qualio for your life sciences company, you’re instantly one step closer to obtaining – and keeping – ISO 13485 certification.